Date:   Wed, 20 Jun 2018 16:00:17 -0700
From:   Matthias Kaehlcke <mka@...omium.org>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     Joe Perches <joe@...ches.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>, rkrcmar@...hat.com,
        Thomas Gleixner <tglx@...utronix.de>, hpa@...or.com,
        x86@...nel.org, kvm@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>
Subject: Re: [PATCH] kvm: x86: mmu: Add cast to negated bitmasks in
 update_permission_bitmask()

On Wed, Jun 20, 2018 at 10:02:15AM +0200, Paolo Bonzini wrote:
> On 20/06/2018 01:45, Matthias Kaehlcke wrote:
> > 
> > v4.16 with an x86 allyesconfig and a few drivers disabled since they
> > don't build with clang (yet):
> > 
> > 16 occurrences of -Wconstant-conversion, including the ones fixed by
> > this patch. Certainly no need for an endless churn of patches, and
> > given the limited number it also doesn't seem likely that new
> > instances will be added on a regular base.
> 
> Thanks for providing numbers!  The next question is: how many of these
> 16 occurrences are actual bugs?

Probably none.

> This is what measures the usefulness of the warning.

I very much doubt that this is a useful metric given the limited
number of occurrences.

Let's assume that 1 out of 20 patches not doing the cast have an
actual problem. For 16 occurrences this means there's a 44% chance
that none of these instances is an error (18.5% for 1 out of 10). This
is without taking into account that some of the instances are in the
same file and likely similar (as in the KVM case), and that most of the
code has undergone years of testing in the field.
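The pattern the patch in the subject line addresses, as an added example that is not part of the thread or of the kernel tree: storing a negated mask constant into a narrower unsigned type. The mask names and values below are hypothetical stand-ins, not KVM's own constants, and `prob_all_benign` just carries out the estimate from the message above (probability that none of `n` flagged sites is a bug when each has an independent `p_bug` chance of being one).

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical permission-bit masks, assumed here as stand-ins; the
 * kernel's real mask values are not reproduced. */
#define ACC_EXEC_MASK  0x1
#define ACC_WRITE_MASK 0x2
#define ACC_USER_MASK  0x4

/* ~ACC_WRITE_MASK is an int (0xfffffffd). Assigning that constant
 * expression straight to a uint8_t, e.g.
 *     uint8_t w = ~ACC_WRITE_MASK;
 * is what clang's -Wconstant-conversion flags: the upper bits are
 * silently dropped. Going through a runtime value shows the same
 * truncation without emitting the warning, so this file builds cleanly. */
static uint8_t negated_implicit(int mask)
{
    int neg = ~mask;
    uint8_t w = neg;        /* implicit narrowing: keeps the low 8 bits */
    return w;
}

/* The fix from the patch subject: make the narrowing explicit with a
 * cast, which tells the compiler (and the reader) the truncation is
 * intended. Behaviour is identical to the implicit form. */
static uint8_t negated_with_cast(void)
{
    uint8_t w = (uint8_t)~ACC_WRITE_MASK;
    return w;
}

/* Probability that none of n independently flagged sites is a real bug,
 * given each has probability p_bug of being one: (1 - p_bug)^n.
 * Computed by repeated multiplication so no libm link is needed. */
static double prob_all_benign(double p_bug, int n)
{
    double p = 1.0;
    for (int i = 0; i < n; i++)
        p *= (1.0 - p_bug);
    return p;
}

int main(void)
{
    printf("implicit: 0x%02x  cast: 0x%02x\n",
           negated_implicit(ACC_WRITE_MASK), negated_with_cast());
    printf("P(no bug | 1/20, 16 sites) = %.3f\n", prob_all_benign(0.05, 16));
    printf("P(no bug | 1/10, 16 sites) = %.3f\n", prob_all_benign(0.10, 16));
    return 0;
}
```

Both accessors return 0xfd: the low byte of the negated mask is exactly what a permission-bitmask computation wants, which is why a site like this is flagged by the compiler yet is not a bug in practice. The cast only changes what the compiler can see about intent.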
